Advanced Multi-Layer Security

Clinical Studio utilizes a multi-layer security approach that guarantees system and data security while permitting flexibility when allowing access privileges to applications.

256-bit SSL

Clinical Studio utilizes the Internet’s most advanced security: 256 bit Secure Socket Layer encryption. This assures that Clinical Studio is as secure as any site on the Internet. We have a registered security certificate through an authorized certifying authority. All data transmitted using Clinical Studio is fully encrypted to the highest standard possible. It is literally impossible to decrypt this data without having the encryption keys which are stored in the vault of the certifying authority.

Role Security

Clinical Studio allows study designers to create and manage user roles throughout the system. A unlimited number of roles can be created. Each user is assigned a role. That role determines access rights within the system. Every feature within every application in the system has an access right associated with it. Roles are assigned these access rights based on what a given user’s responsibility will be within the system.

Configuring Role Security

Advanced Sign In Rules

The following sign rules have been implemented into Clinical Studio

Minimum Characters in Password: 8

Minimum Upper Case Characters in Password: 1

Minimum Numeric Characters in Password: 2

Password Expiration: Yes, every 30 days

Password Reuse: Yes, after 120 days

Password Reset: Yes

Number of Failed Login Attempts Prior to Suspending User Account: 5

All passwords are stored in the database using a salted MD-5 encryption algorithm. That means no access to passwords is possible. If a user forgets a password, that password must be reset and sent to the user, where they must change the password immediately upon their return to the system.

Session Monitoring

Clinical Studio employs the most advanced session monitoring available. Clinical Studio tracks the amount of time a user has been inactive. If that time exceeds 30 minutes, the session is expired. However, when the session expires, no data is lost. A popup window is displayed asking the user to sign back into the system. After the user successfully signs in, they are returned to where they left off when the session expired. If the user does not sign in, after two hours they will be signed completely out of the system. The system is constantly monitoring the time remaining before the session expires. That time is displayed on every screen.